Package: ntp
Version: 1:4.2.0a+stable-8
This is a bug submitted to ubuntu, that I would like to forward upstream:
I wanted to restrict access to ntpd, such that only clients on my local
network could query my server. (I use a firewall, but I wanted a belts and
braces approach.) I configured what I thought was a suitable /etc/ntp.conf
file, but I found that ndpd wasn't syncing:
ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
fiordland.ubunt .INIT. 16 u - 1024 0 0.000 0.000 4000.00
ntp0.zen.co.uk .INIT. 16 u - 1024 0 0.000 0.000 4000.00
Eventually I realised that "restrict" applies to servers as well as
clients, and I'd set up ntpd to ignore replies from the servers I'd
configured.
I attach a patch to /etc/ntp.conf to point to the support documentation at
ntp.isc.org as well as the local documentation in /usr/share/doc/.--- ntp.conf.orig 2006-05-29 03:48:45.000000000 +0100
+++ ntp.conf 2006-07-22 18:38:58.000000000 +0100
@@ -1,5 +1,10 @@
# /etc/ntp.conf, configuration for ntpd
+# The official documentation of /etc/ntp.conf is at
+# file:///usr/share/doc/ntp-doc/html/ntpd.html#cfg
+# Another excellent resource for practical help is
+# http://ntp.isc.org/bin/view/Support/ConfiguringNTP
+
# ntpd will use syslog() if logfile is not defined
#logfile /var/log/ntpd
@@ -37,7 +42,9 @@
restrict 127.0.0.1 nomodify
# Clients from this (example!) subnet have unlimited access,
-# but only if cryptographically authenticated
+# but only if cryptographically authenticated.
+# NB: "restrict" applies to servers as well as clients.
+# See http://ntp.isc.org/bin/view/Support/AccessRestrictions
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
